# Sign in with Multi-factor Authentication

Multi-factor authentication (MFA) provides increased security for your PMO environment. With multi-factor authentication enabled, a user is expected to provide a time-based one-time password (TOTP) in addition to their username and password, when signing into the PMO environment.

A time-based password is generated by a multi-factor authentication application (MFA app).

Mobile users can install an MFA app such as Google Authenticator, Duo Mobile and Authy on their mobile phones. Laptop or computer users can install an MFA app such as Authy on their computers. Multi-factor authentication must be enabled on your account for you to be able to log in to Clarity using multi-factor authentication.

### Configure MFA For A User

An Administrator can enable or disable MFA for a user in PMO.

Requirements:

1. The user that you are enabling MFA for must have an MFA app installed on their mobile phone or computer.

To enable MFA for a user:

1. Sign into PMO. Then navigate to 'Tenants and Users' -> Users tab.
2. Select the user that you are enabling MFA for, then select action 'Enable MFA' from the action bar
3. Follow the wizard to enable MFA for the user.
4. The user will need to scan the QR code using their MFA app and provide authorization codes that you can then enter into the UI wizard.

### Sign In Using MFA

To sign in to PMO UI with multi-factor authentication:

1. Navigate to PMO UI login screen
2. Select local credentials. Enter your username and password
3. Select the 'I have a Multi-Factor Authentication (MFA) token' check box.
4. Launch your MFA app and generate a time-based one-time password for PMO
5. Enter the one-time password generated by the MFA app on the sign in screen
6. Click Sign In.

<figure><img src="/files/kevJWR7mM4C1wAKfFh7Z" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/managed-openstack/5.8/authentication-and-authorization/authentication-mfa.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.